tcpdump mailing list archives

Re: PCAP: Distinguishing packets based on different senders ?


From: Guy Harris <guy () alum mit edu>
Date: Tue, 21 Mar 2006 15:29:45 -0800


On Mar 21, 2006, at 2:21 PM, J S wrote:

> But is it possible to collect info for all the required packets and then distinguish them based on their sender/receiver inside my pcap program (in
> one process)?

Yes.

> Does the pcap header contain information about sender/receiver, or is it
> possible to parse the header to get this info?

No. All you get with the pcap header is a time stamp, the length of the packet on the network, and the number of bytes of that data that was actually captured.

What you need to parse is the packet *data*. An IPv4-over-Ethernet packet, for example, will have an Ethernet header with the Ethernet addresses of the recipient and the sender, followed by an IPv4 address with the IPv4 addresses of the recipient and the sender.

See tcpdump for an example of code that parses packet data.

-
This is the tcpdump-workers list.
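
The parsing described in the message above, as an added example that is not part of the original post and is not tcpdump's code: it pulls the sender and recipient addresses out of the packet data, checking every read against the captured length that the pcap header reports. It assumes an untagged Ethernet II link layer; `parse_endpoints`, `struct endpoints` and `sample_frame` are hypothetical names, and the sample frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sender and receiver addresses taken from one captured frame. */
struct endpoints {
    uint8_t dst_mac[6], src_mac[6], src_ip[4], dst_ip[4];
};

/* Parse an untagged Ethernet II frame carrying IPv4. caplen is the captured
 * byte count from the pcap header; a snapshot length can truncate the frame,
 * so every read is checked against it.
 * Returns 0 on success, -1 if truncated, -2 if not well-formed IPv4. */
int parse_endpoints(const uint8_t *data, uint32_t caplen, struct endpoints *ep)
{
    if (caplen < 14)
        return -1;                         /* dst(6) + src(6) + type(2) */
    memcpy(ep->dst_mac, data, 6);          /* recipient comes first */
    memcpy(ep->src_mac, data + 6, 6);      /* then the sender */
    if (((data[12] << 8) | data[13]) != 0x0800)
        return -2;                         /* EtherType is not IPv4 */

    const uint8_t *ip = data + 14;
    uint32_t left = caplen - 14;
    if (left < 20)
        return -1;                         /* minimum IPv4 header */
    uint32_t ihl = (uint32_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20)
        return -2;                         /* wrong version or bad length */
    if (left < ihl)
        return -1;                         /* options cut off by snaplen */
    memcpy(ep->src_ip, ip + 12, 4);        /* sender */
    memcpy(ep->dst_ip, ip + 16, 4);        /* recipient */
    return 0;
}

/* Constructed sample: 192.0.2.1 -> 198.51.100.7, header checksum left zero. */
static const uint8_t sample_frame[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,       /* Ethernet */
    0x45,0,0,0x14, 0,0,0,0, 0x40,0x11,0,0, 192,0,2,1, 198,51,100,7 };

int main(void)
{
    struct endpoints ep;
    if (parse_endpoints(sample_frame, sizeof sample_frame, &ep) == 0)
        printf("%u.%u.%u.%u -> %u.%u.%u.%u\n",
               ep.src_ip[0], ep.src_ip[1], ep.src_ip[2], ep.src_ip[3],
               ep.dst_ip[0], ep.dst_ip[1], ep.dst_ip[2], ep.dst_ip[3]);
    return 0;
}
```

In a libpcap callback the same function would be given the packet data pointer and the `caplen` field of the `struct pcap_pkthdr` passed alongside it.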